[selinux-policy: 2452/3172] Improve the documentation of ubac_constrained().
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:37:42 UTC 2010
commit 888d9e4652391f10cb6b764a25ecef86f4ae7af2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Mar 2 11:28:44 2010 -0500
Improve the documentation of ubac_constrained().
policy/modules/kernel/ubac.if | 15 ++++++++++++++-
1 files changed, 14 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/ubac.if b/policy/modules/kernel/ubac.if
index 7477750..464f759 100644
--- a/policy/modules/kernel/ubac.if
+++ b/policy/modules/kernel/ubac.if
@@ -5,13 +5,26 @@
########################################
## <summary>
-## Constrain by user-based access control.
+## Constrain by user-based access control (UBAC).
## </summary>
+## <desc>
+## <p>
+## Constrain the specified type by user-based
+## access control (UBAC). Typically, these are
+## user processes or user files that need to be
+## differentiated by SELinux user. Normally this
+## does not include administrative or privileged
+## programs. For the UBAC rules to be enforced,
+## both the subject (source) type and the object
+## (target) types must be UBAC constrained.
+## </p>
+## </desc>
## <param name="type">
## <summary>
## Type to be constrained by UBAC.
## </summary>
## </param>
+## <infoflow type="none"/>
#
interface(`ubac_constrained',`
gen_require(`
More information about the scm-commits
mailing list